CVE-2017-13720

Published: 11/10/2017 Updated: 13/11/2017
CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.1 | Impact Score: 5.2 | Exploitability Score: 1.8
VMScore: 320
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P

Vulnerability Summary

In the PatternMatch function in fontfile/fontdir.c in libXfont up to and including 1.5.2 and 2.x prior to 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because '\0' characters are incorrectly skipped in situations involving ? characters.

Vulnerable Product

x.org libxfont 2.0.0

x.org libxfont 2.0.1

x.org libxfont

Vendor Advisories

Several security issues were fixed in libXfont ...
Two vulnerabilities were found in libXfont, the X11 font rasterisation library, which could result in denial of service or memory disclosure. For the oldstable distribution (jessie), these problems have been fixed in version 1:1.5.1-1+deb8u1. For the stable distribution (stretch), these problems have been fixed in version 1:2.0.1-3+deb9u1. We recom ...
In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because '\0' characters are incorrectly skipped in situations invol ...